35-27
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 35 Configuring AAA Servers and the Local Database
Configuring AAA
Step 7
Command: password-policy minimum-uppercase value
Example:
hostname(config)# password-policy minimum-uppercase 3
Purpose: Sets the minimum number of uppercase characters that passwords may have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.

Step 8
Command: password-policy authenticate enable
Example:
hostname(config)# password-policy authenticate enable
Purpose: (Optional) Determines whether or not users are allowed to modify their own user account. If authentication is enabled, users cannot change their own password or delete their own account with the username command or with the clear configure username command.

Changing User Passwords

The ASA enables administrators with the necessary privileges to modify passwords for users in the current context. Users must authenticate with their current passwords before they are allowed to change passwords. However, authentication is not required when an administrator is changing a user password.

To enable users to change their own account passwords, enter the following command:

Command: change-password [old-password old-password [new-password new-password]]
Example:
hostname# change-password old-password myoldpassword000 new-password mynewpassword123
Purpose: Enables users to change their own account passwords. The new-password new-password keyword-argument pair specifies the new password. The old-password old-password keyword-argument pair specifies the old password, which reauthenticates the user. If users omit the passwords, the ASA prompts them for input. When users enter the change-password command, they are asked to save their running configuration.
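
An added example (not from the Cisco guide): a Python check that reads a saved configuration and reports on the two password-policy commands shown in Steps 7 and 8. The sample configuration, the function names, the baseline of one uppercase character, and the treatment of an absent line as the documented default are assumptions of this example.

```python
import re

# Constructed sample of a saved configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
password-policy minimum-uppercase 3
username admin password ***** privilege 15
"""

# Assumed local baseline for this example, not a Cisco recommendation.
BASELINE_MIN_UPPERCASE = 1

_POLICY = re.compile(r"^password-policy\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_password_policy(config_text):
    """Return the two settings covered in Steps 7 and 8 as a dict."""
    # Defaults per the guide: minimum-uppercase is 0; authenticate is optional.
    # Assumption: a line missing from the saved config means the default applies.
    policy = {"minimum-uppercase": 0, "authenticate": False}
    for raw in config_text.splitlines():
        m = _POLICY.match(raw.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "minimum-uppercase":
            # The guide gives 0-64 as the valid range; reject anything else.
            if value is None or not value.isdigit() or not 0 <= int(value) <= 64:
                raise ValueError(f"minimum-uppercase outside 0-64: {raw!r}")
            policy[key] = int(value)
        elif key == "authenticate" and value == "enable":
            policy[key] = True
    return policy


def audit(config_text, min_uppercase=BASELINE_MIN_UPPERCASE):
    """Return a list of findings; an empty list means the baseline is met."""
    policy = parse_password_policy(config_text)
    findings = []
    if policy["minimum-uppercase"] < min_uppercase:
        findings.append(f"minimum-uppercase is {policy['minimum-uppercase']}, "
                        f"baseline is {min_uppercase}")
    if not policy["authenticate"]:
        findings.append("password-policy authenticate enable is not configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```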